3AVIT

Member
  • Content Count

    2
  • Joined

  • Last visited

Community Reputation

0 Neutral

About 3AVIT

  • Rank
    New Member
  1. After researching a little more about the relationship between Amnesia and Scarab, I now realize that people were posting on this forum starting around February of this year with (probably) the exact flavor of Scarab-Amnesia that I am dealing with. I also see that, currently, there is no known utility to decrypt the files. *HeadHitsKeyboard* A backup of the all encrypted files has now been made. The shadow files were deleted - I will be working on trying to see if I can recover any of them in case they were not deleted securely. Please chime in if there are any further suggestions and/or new bits of information regarding this nasty little creature. Thanks again. --- T
  2. Hello - I have a machine that I am in some serious need for help with. A cryptovirus identifying itself as Amnesia has encrypted most filetypes on the machine and a backup drive that was left attached to the machine. The decrypt_Amnesia2 tool was run against the machine and the backup drive first - with no effect. I have run the decrypt_Amnesia tool against probably about ten different identical files (ranging in file size from 1KB to 80KB) - also with no effect. As per the requirements for assistance in the forum, I have run and attached the EmsisoftEmergencyKit and the FRST64 logs. I have also run the Virus Total Can against an encrypted file hoping it would yield some identification - but it did not. I am unable to find the guide.exe file anywhere on the machine - so I am really not sure what exe was called in order to encrypt all the files - much less to scan it with VirusTotal. (Results are still attached) ID Ransomware (uploading both the ransom note and an encrypted file) identified the ransomware as 'Scarab'; however, the file extensions are all .amnesia. (Results still attached) Any help that you guys can provide would be greatly appreciated. I can certainly send some of the encrypted and unencrypted duplicates if it helps; however, I did not want to just attach them to this post unless instructed to do so. Thank you all very much for being willing to lend a hand to all of us that are struggling. --- T Addition.txt FRST.txt scan_180412-112754.txt IDRansomwareResults.txt VirusTotalScan.txt